diff --git a/cmd/sniproxy/sniproxy.go b/cmd/sniproxy/sniproxy.go
index 49ab764a3..d75e88877 100644
--- a/cmd/sniproxy/sniproxy.go
+++ b/cmd/sniproxy/sniproxy.go
@@ -26,6 +26,7 @@ import (
 var (
 ports = flag.String("ports", "443", "comma-separated list of ports to proxy")
+ wgPort = flag.Int("wg-listen-port", 0, "UDP port to listen on for WireGuard and peer-to-peer traffic; 0 means automatically select")
 promoteHTTPS = flag.Bool("promote-https", true, "promote HTTP to HTTPS")
 )
@@ -40,6 +41,7 @@ func main() {
 hostinfo.SetApp("sniproxy")
 var s server
+ s.ts.Port = uint16(*wgPort)
 defer s.ts.Close()
 lc, err := s.ts.LocalClient()
diff --git a/tsnet/tsnet.go b/tsnet/tsnet.go
index 9d7fd7e58..a0430857a 100644
--- a/tsnet/tsnet.go
+++ b/tsnet/tsnet.go
@@ -61,7 +61,7 @@ func inTest() bool { return flag.Lookup("test.v") != nil }
 // Server is an embedded Tailscale server.
 //
-// Its exported fields may be changed until the first call to Listen.
+// Its exported fields may be changed until the first method call.
 type Server struct {
 // Dir specifies the name of the directory to use for
 // state. If empty, a directory is selected automatically
@@ -108,6 +108,11 @@ type Server struct {
 // If empty, the Tailscale default is used.
 ControlURL string
+ // Port is the UDP port to listen on for WireGuard and peer-to-peer
+ // traffic. If zero, a port is automatically selected. Leave this
+ // field at zero unless you know what you are doing.
+ Port uint16
+
 getCertForTesting func(*tls.ClientHelloInfo) (*tls.Certificate, error)
 initOnce sync.Once
@@ -502,7 +507,7 @@ func (s *Server) start() (reterr error) {
 sys := new(tsd.System)
 s.dialer = &tsdial.Dialer{Logf: logf} // mutated below (before used)
 eng, err := wgengine.NewUserspaceEngine(logf, wgengine.Config{
- ListenPort: 0,
+ ListenPort: s.Port,
 NetMon: s.netMon,
 Dialer: s.dialer,
 SetSubsystem: sys.Set,
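Review bot: `s.ts.Port = uint16(*wgPort)` in main (sniproxy.go, second hunk) silently wraps any `-wg-listen-port` value outside 0–65535, because the flag is declared with `flag.Int`. An input of 65536 becomes 0 and falls back to automatic selection, and a negative or larger value binds a different UDP port from the one the operator typed and presumably opened in a firewall rule. Reject out-of-range input before the conversion, for example `if *wgPort < 0 || *wgPort > 65535 { log.Fatalf("invalid -wg-listen-port %d", *wgPort) }`, assuming `log` is already imported (the import block is not visible here). main's body continues outside the hunk.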
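Review bot: The doc comment on the new `Port` field in `type Server struct` (tsnet.go, `@@ -108,6 +108,11 @@`) warns to leave it at zero "unless you know what you are doing" but gives neither the reason nor the failure mode. I would add a line such as `// A fixed port is intended for hosts where a firewall or NAT rule must name the WireGuard UDP port.` so that callers can judge whether they need it. The comment should also say what the caller gets when the requested port cannot be bound. Whether that is an error from the first method call or a fallback to another port is decided in start() and wgengine.NewUserspaceEngine, outside the lines shown, so it needs confirming before it is written down.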